Re: CISCO ASA 8.3 : Public Servers

also check the access-list on the outside, in 8.3 and above when you add an access-list you will need to permit real ip's and not translated ip's

since you have real ip on outside as weel i think you must have done it right but in any case if at all you have used the same ip in order to hide the public ip then please check the access-list as well

On Log monitoring I Have no trace about any connection on 195.10.10.4.

I try your suggest about ping on 192.168.10.4 and you alright, the server doesn't ping. In fact is due to the public servers configuration because on log monitorig I see : Built outbound ICMP connection for faddr 66.249.92.104 gaddr 195.10.10.4 laddr 192.168.10.4 (It a ping to google, faddr is google address).

The server try to connect to internet with the 195.10.10.4 public address, it use the Static NAT for Public Server configuration ?

Re: CISCO ASA 8.3 : Public Servers

i am not sure if i understood you right, please correct me if i am wrong

you have pinged from outside to 192.168.1.4, which is on inside

what i wouldl ike you to do is try to ping from 192.168.1.4 to outside and capture the tarffic flow, this will confirm if the static nat is working fine

also on the upstream device check the arp entry for htis 192.168.1.4 ip, see if it is the firewall mac address, if not try hard coding that (this step only if you see poackets leaving and not coming back in your captures)

We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...
view more